DETAILED ACTION 

1. This action is in reply to applicant's correspondence of 13 June 2006. 

2. Claims 1-65 are pending for examination. 

3. Claims 1-25,32-37,42-45,50-54 remain rejected. 

Claim Rejections - 35 USC §102 
The examiner acknowledges and thanks the applicant for pointing out the typographical 
error concerning the 35 U.S.C. 102 paragraph rejection in the previous office action. 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

4. Claims 1-25,32-37,42-45,50-54 are rejected under 35 U.S.C. 102(e) as being anticipated 
by Olden, U.S. Patent 6,460,141 B1. 

5. As per claim 1; "A method for providing access to resources [Abstract, figures 1-33 and 
accompanying descriptions], comprising the steps of: 

acquiring user identification information from a first authentication system, 

said user identification information is associated with a request from a first user to 
access a first resource, 
said step of acquiring is performed by an authorization system, 
said authorization system is separate from said first authentication system [figures 
1-5 and accompanying descriptions, whereas the authorization component, entitlement 
server component, administrative client/resource consumer (at the user, group, and realm 
level insofar as user identification information would be concerned), and enabled web 
server, as broadly interpreted by the examiner correspond respectively, to the applicant's 
authorization system, first authentication system, user identification information (source 
thereof), and accessible resources.]; 

relying on said first authentication system for authenticating said first user; 

using said user identification information to access an identity profile associated with said 
user identification information [figures 1-5, and particularly figures 2,3, and accompanying 
descriptions, whereas the entitlement creation/assignment in the access rights, user/group/realm 
information (i.e., the database referencing aspects thereof) pertaining to user ID, name, address, 
password, ACL analog, etc., aspects, as broadly interpreted by the examiner correspond, to the 
applicant's ' ... using said user ... information to access ... profile ...'.]; and 

performing, at said authorization system, authorization services for said request to access 
said first resource based on said identity profile associated with said user identification 
information [figures 1-33, and accompanying descriptions, whereas the actual authorization 
servicing functionality per se, as broadly interpreted by the examiner correspond, to the 
applicant's ' ... performing authorization services ...'.]; 

wherein said authorization services comprise determining whether said first user is 
authorized to access said first resource [figures 1-33, and accompanying descriptions, whereas 
the actual authorization servicing functionality per se, as broadly interpreted by the examiner 
correspond, to the applicant's claim limitation.]; and 

wherein authenticating said first user comprises verifying an identity of said first user 
[figures 1-5, and particularly figures 2,3, and accompanying descriptions, whereas the 
entitlement creation/assignment in the access rights, user/group/realm information (i.e., the 
database referencing aspects thereof) pertaining to user ID, name, address, password, ACL 
analog, etc., aspects, as broadly interpreted by the examiner correspond, to the applicant's claim 
limitation.]."; 

Further, as per claim 32, this claim is the embodied method software for the method 
claim 1 above, and is rejected for the same reasons provided for the claim 1 rejection; 

6. Claim 2 additionally recites the limitation that; "A method according to claim 1, wherein: 
said step of acquiring user identification includes reading a user ID from an internal web server 
variable.". 

The teachings of Olden are directed towards such limitations (i.e., col. 23,lines 45-col. 24,line 
57, whereas the ' . . . cookie is created for each user . . . ' which clearly is a web server variable 
(i.e., cookie) based on user information/ID/variables and the transfer thereof, as broadly 
interpreted by the examiner would clearly encompass ' . . . acquiring user identification . . . user 
ID . . . web server variable ...'.). 

7. Claim 3 additionally recites the limitation that; "A method according to claim 2, further 
comprising the step of: 

allowing a first user to access said first resource if said step of performing determines that 
said first user is authorized to access said first resource based on said identity profile, said first 
user is associated with said identity profile and said request.". 
The teachings of Olden are directed towards such limitations (i.e., figures 1-33, and 
accompanying descriptions, whereas the actual authorization servicing functionality and 
subsequent resource access (i.e., retrieve a web document/file/page) per se, as broadly interpreted 
by the examiner correspond, to the applicant's ' . . . access . . . resource . . . authorized to access . . . 
resource ... profile...'.). 

8. Claim 4 additionally recites the limitation that; "A method according to claim 1, wherein 
relying on said first authentication system comprises the steps of: 

receiving information about said request; 

determining whether said first resource is protected; and 

determining that authentication for said first resource is to be performed by said first 
authentication system.". 

The teachings of Olden are directed towards such limitations (i.e., figures 1-33, and particularly 
figure 28, and accompanying descriptions, whereas the actual authorization servicing 
functionality and subsequent resource access (i.e., retrieve a web document/file/page) per se, 
inherently require the setup of access requirements in order to create the user/group/realm levels 
of access criteria as related to the associated resources in question (i.e., to protect or not, and at 
what level of secured protection), as broadly interpreted by the examiner correspond, to the 
applicant's ' . . . determining . . . resource is protected; . . . authentication . . . resource is to be 
performed ...'.). 

Further, as per the claim 33 additionally recited limitation, this claim is the embodied 
method software for the method claim 4 above, and is rejected for the same reasons provided for 
the claim 4 rejection. 

9. Claim 5 additionally recites the limitation that; "A method according to claim 1, wherein: 
said step of acquiring user identification includes acquiring a plurality of data items 

which can be used to identify a user.". 

The teachings of Olden are directed towards such limitations (i.e., col. 7,lines 10-col. 8,line 5, 
whereas the actual authorization servicing functionality and subsequent resource access (i.e., 
retrieve a web document/file/page) per se, inherently require the setup of access requirements in 
order to create the user/group/realm levels of access criteria as related to the associated resources 
in question (i.e., to protect or not, and at what level of secured protection), and further, such user 
level criteria such as "for example, user ID, first name, last name . . .", as broadly interpreted by 
the examiner correspond, to the applicant's ' . . . acquiring user identification . . . plurality of data 
items . . . identify a user ...'.). 

10. Claim 6 additionally recites the limitation that; "A method according to claim 1, further 
comprising the step of: 
acquiring one or more data items in addition to said user identification information, said 
step of performing authorization services uses said one or more data items to attempt to authorize 
access to said first resource in response to said request.". 

The teachings of Olden are directed towards such limitations (i.e., col. 7,lines 10-col. 8,line 5, 
whereas the actual authorization servicing functionality and subsequent resource access (i.e., 
retrieve a web document/file/page) per se, inherently require the setup of access requirements 
(i.e., one or more data items) in order to create the user/group/realm levels of access criteria as 
related to the associated resources in question (i.e., to protect or not, and at what level of secured 
protection), and further, such user level criteria such as "for example, user ID, first name, last 
name ... as well as extendible attributes . . .", as broadly interpreted by the examiner correspond, 
to the applicant's ' ... acquiring ... data items in addition ... identification information, ... 
authorization services uses said one or more data ...'.). 

Further, as per the claim 34 additionally recited limitation, this claim is the embodied 
method software for the method claim 6 above, and is rejected for the same reasons provided for 
the claim 6 rejection. 

11. Claim 7 additionally recites the limitation that; "A method according to claim 1, wherein: 
said authorization system is part of an access system that protects a plurality of resources, 
said plurality of resources includes said first resource, a second resource and a third 
resource; 

said first resource uses said first authentication system for authentication services; 
said second resource uses a second authentication system for authentication services, 
said second authentication system is separate from said access system; and 

said third resource uses a third authentication system for authentication services, 
said third authentication system is separate from said access system.". 
The teachings of Olden are directed towards such limitations (i.e., col. 3, lines 24-col. 4,line 45, 
col. 6,lines 36-62, col. 9,lines 63-col. 11, line 54, col. 19,lines 43-col. 20,line 57, whereas the ' . . . 
plurality of authorization servers ... at least one authorization dispatcher . . . communicate with 
the entitlements server component . . . ' which clearly encompasses plural 
authentication/authorization/access to resources aspects, as broadly interpreted by the examiner 
would clearly encompass ' . . . authorization system is part . . . protects a plurality of resources, . . . 
said first resource uses said first authentication system for authentication services; said second 
resource . . . said third resource . . . authentication system ...'.). 

12. Claim 8 additionally recites the limitation that; "A method according to claim 7, wherein: 
said first authentication system is a default web server authentication system; 
said second authentication system is an authentication plug-in; and 
said third authentication system is a third party authentication system.". 
The teachings of Olden are directed towards such limitations (i.e., col. 3, lines 24-col. 4,line 45, 
col. 6,lines 36-62, col. 9,lines 63-col. 11, line 54, col. 19,lines 43-col. 20,line 57, whereas the ' . . . 
plurality of authorization servers ... at least one authorization dispatcher . . . communicate with 
the entitlements server component . . . Web server plug-ins are started. . . cookies . . . Web server 
plug-ins . . . ' which clearly encompasses plural authentication/authorization/access to resources 
aspects, as broadly interpreted by the examiner would clearly encompass ' . . . first authentication 
system . . . default web server . . . second authentication . . . plug-in; and said third authentication 
. . . third party authentication system ...'.). 

13. Claim 9 additionally recites the limitation that; "A method according to claim 1, wherein: 
said authorization system is part of an access system that protects a plurality of resources, 
said access system provides for use of one or more internal authentication systems and 
said access system provides for reliance on one or more external authentication systems, 
said one or more external authentication systems include said first authentication 

system.". 

The teachings of Olden are directed towards such limitations (i.e., col. 3, lines 24-col. 4,line 45, 
col. 6,lines 36-62, col. 9,lines 63-col. 11, line 54, col. 19,lines 43-col. 20,line 57, whereas the ' . . . 
plurality of authorization servers ... at least one authorization dispatcher . . . communicate with 
the entitlements server component . . . ' which clearly encompasses plural 
authentication/authorization/access to resources aspects, insofar as the inherent robust nature of 
the network architecture, inclusive of the intranet (i.e., internal server aspects) and Internet web 
(i.e., external server aspects) as broadly interpreted by the examiner would clearly encompass ' 
. . . authorization system . . . access system that protects a plurality of resources, . . . internal 
authentication systems . . . reliance . . . external authentication systems, . . . first authentication 
system ...'.). 

Further, as per the claim 35 additionally recited limitation, this claim is the embodied 
method software for the method claim 9 above, and is rejected for the same reasons provided for 
the claim 9 rejection. 

14. Claim 10 additionally recites the limitation that; "A method according to claim 1, 
wherein: 

said authorization system is part of an access system that protects a plurality of resources 

and 

does not have an applications program interface.". 
The teachings of Olden are directed towards such limitations (i.e., col. 3, lines 24-col. 4,line 45, 
col. 6,lines 36-62, col. 9,lines 63-col. 11, line 54, col. 19,lines 43-col. 20,line 57, whereas the ' . . . 
plurality of authorization servers ... at least one authorization dispatcher . . . communicate with 
the entitlements server component . . . ' which clearly encompasses plural 
authentication/authorization/access to resources aspects, insofar as the inherent robust nature of 
the network architecture, inclusive of the intranet (i.e., internal server aspects) and Internet web 
(i.e., external server aspects) as broadly interpreted by the examiner would clearly encompass ' 
. . . authorization system . . . access system that protects a plurality of resources, . . . does not have 
an applications program interface ...'.). 

15. Claim 11 additionally recites the limitation that; "A method according to claim 1, further 
comprising the steps of: 

using said user identification information to create information for a cookie; and 
causing said cookie to be transmitted for storage on a client associated with said 
request.". 

The teachings of Olden are directed towards such limitations (i.e., col. 23,lines 45-col. 24,line 
57, whereas the ' . . . cookie is created for each user . . . ' which clearly is a cookie based on user 
information/variables and the transfer thereof, as broadly interpreted by the examiner would 
clearly encompass ' . . . using . . . information to create . . . cookie; . . . storage on a client ...'.). 

16. Claim 12 additionally recites the limitation that; "A method according to claim 11, 
further comprising the step of: 

performing single sign-on services based on said cookie.". 
The teachings of Olden are directed towards such limitations (i.e., col. 23, lines 45-col. 24,line 
57, whereas the ' . . . supports single sign on . . . cookie is created for each user . . . eliminating the 
need . . . submit . . . password again' which clearly is a cookie based on user 
information/variables and the transfer thereof, as broadly interpreted by the examiner would 
clearly encompass ' . . . single sign-on services based on said cookie ...'.). 

Further, as per the claim 36 additionally recited limitation, this claim is the embodied 
method software for the method claims 11,12 above, and is rejected for the same reasons 
provided for the claims 11,12 rejection. 

17. Claim 13 additionally recites the limitation that; "A method according to claim 11, 
further comprising the steps of: 
receiving a request to access a second resource, 

said request to access said second resource includes contents of said cookie; and 

using said cookie to authorize access to said second resource without authenticating.". 
The teachings of Olden are directed towards such limitations (i.e., col. 23,lines 45-col. 24,line 
57, whereas the ' . . .supports single sign on . . . cookie is created for each user . . . eliminating the 
need . . . submit . . . password again' which clearly is a cookie based on user 
information/variables and the transfer thereof, as broadly interpreted by the examiner would 
clearly encompass ' . . . using . . . information to create . . . cookie; . . . storage on a client . . . cookie 
to authorize access . . . without authenticating'.). 

18. Claim 14 additionally recites the limitation that; "A method according to claim 11, 
further comprising the steps of: 

receiving a request to access a second resource at a second server, 

said request to access said first resource was received at a first server but not at 

said second server, 

said first authentication system does include said first server and does not include 
said second server, 

said step of receiving said request to access said second resource includes 
receiving contents of said cookie; and 

using said cookie at said second server to authorize access to said second resource 
without authenticating.". 
The teachings of Olden are directed towards such limitations (i.e., col. 23,lines 45-col. 24,line 
57, whereas the ' . . . supports single sign on . . . cookie is created for each user . . . eliminating the 
need . . . submit . . . password again' which clearly is a cookie based on user 
information/variables and the transfer thereof, and further, the inherent nature of cookie 
creation/transfer is such that the cookies have a basically one-to-one relationship between the 
server and client so associated. Still further, the IP routing nature of the Internet embodied (at the 
least) embodiment would route packets such that rejection of non-addressed packets would 
inherently occur, such that, as broadly interpreted by the examiner would clearly encompass 
' . . . using . . . information to create . . . cookie; . . . storage on a client . . . cookie to authorize access . . . 
(multiple server resources) . . . without authenticating'.). 

Further, as per the claim 37 additionally recited limitation, this claim is the embodied 
method software for the method claims 11,14 above, and is rejected for the same reasons 
provided for the claims 11,14 rejection. 

19. As per claim 15; "A method for providing access to resources [Abstract, figures 1-33 and 
accompanying descriptions], comprising the steps of: 

acquiring a plurality of variables from a first authentication system, 

said step of acquiring is performed by an authorization system, 
said authorization system is separate from said first authentication system, 
said variables are associated with a first request from a first user to access a first 
resource [figures 1-5 and accompanying descriptions, whereas the authorization 
component, entitlement server component, administrative client/resource consumer (at 
the user, group, and realm level insofar as user identification information/ plurality of 
variables would be concerned), and enabled web server, as broadly interpreted by the 
examiner correspond respectively, to the applicant's authorization system, first 
authentication system, user identification information/ plurality of variables (source 
thereof), and accessible resources.]; 

relying on said first authentication system for authenticating said first user; 
performing, at said authorization system, authorization services for said request to access 
said first resource based on said plurality of variables [figures 1-33, and accompanying 
descriptions, whereas the actual authorization servicing functionality per se, as broadly 
interpreted by the examiner correspond, to the applicant's ' . . . performing authorization 
services ...'.]; 

wherein said authorization services comprise determining whether said first user is 
authorized to access said first resource [figures 1-33, and accompanying descriptions, whereas 
the actual authorization servicing functionality per se, as broadly interpreted by the examiner 
correspond, to the applicant's claim limitation.]; and 

wherein authenticating said first user comprises verifying an identity of said first user 
[figures 1-5, and particularly figures 2,3, and accompanying descriptions, whereas the 
entitlement creation/assignment in the access rights, user/group/realm information (i.e., 
the database referencing aspects thereof) pertaining to user ID, name, address, password, 
ACL analog, etc., aspects, as broadly interpreted by the examiner correspond, to the 
applicant's claim limitation.]". 

Further, as per claim 42, this claim is the embodied method software for the method 
claim 15 above, and is rejected for the same reasons provided for the claim 15 rejection. 

20. Claim 16 additionally recites the limitation that; "A method according to claim 15, 
wherein relying on said first authentication system comprises the steps of: 

receiving information from said first request; 

determining whether said first resource is protected; and 

determining that authentication for said first resource is to be performed by said first 
authentication system.". 

The teachings of Olden are directed towards such limitations (i.e., figures 1-33, and particularly 
figure 28, and accompanying descriptions, whereas the actual authorization servicing 
functionality and subsequent resource access (i.e., retrieve a web document/file/page) per se, 
inherently require the setup of access requirements in order to create the user/group/realm levels 
of access criteria as related to the associated resources in question (i.e., to protect or not, and at 
what level of secured protection), as broadly interpreted by the examiner correspond, to the 
applicant's ' ... determining ... resource is protected; ... authentication ... resource is to be 
performed ...'.). 

Further, as per the claim 43 additionally recited limitation, this claim is the embodied 
method software for the method claim 16 above, and is rejected for the same reasons provided 
for the claim 16 rejection. 

21. Claim 17 additionally recites the limitation that; "A method according to claim 15, 
wherein: 

said authorization system is part of an access system that protects a plurality of resources, 
said access system provides for use of one or more internal authentication systems and 
said access system provides for reliance on one or more external authentication systems, 
said one or more external authentication systems include said first authentication 
system.". 

The teachings of Olden are directed towards such limitations (i.e., col. 3, lines 24-col. 4,line 45, 
col. 6,lines 36-62, col. 9,lines 63-col. 11, line 54, col. 19,lines 43-col. 20,line 57, whereas the ' . . . 
plurality of authorization servers ... at least one authorization dispatcher . . . communicate with 
the entitlements server component . . . ' which clearly encompasses plural 
authentication/authorization/access to resources aspects, insofar as the inherent robust nature of 
the network architecture, inclusive of the intranet (i.e., internal server aspects) and Internet web 
(i.e., external server aspects) as broadly interpreted by the examiner would clearly encompass ' 
. . . authorization system . . . access system that protects a plurality of resources, ... internal 
authentication systems . . . reliance . . . external authentication systems, . . . first authentication 
system ...'.). 

Further, as per the claim 44 additionally recited limitation, this claim is the embodied 
method software for the method claim 17 above, and is rejected for the same reasons provided 
for the claim 17 rejection. 

22. Claim 18 additionally recites the limitation that; "A method according to claim 15, 
further comprising the steps of: 

using said plurality of variables to create information for a cookie; and 
causing said cookie to be transmitted for storage on a client associated with said 
request.". 

The teachings of Olden are directed towards such limitations (i.e., col. 23, lines 45-col. 24,line 
57, whereas the ' . . . cookie is created for each user . . . ' which clearly is a cookie based on user 
information/variables and the transfer thereof, as broadly interpreted by the examiner would 
clearly encompass ' . . . using . . . plurality of variables to create . . . cookie; . . . storage on a client 
...'.). 

23. Claim 19 additionally recites the limitation that; "A method according to claim 18, 
further comprising the step of: 

performing single sign-on services based on said cookie.". 
The teachings of Olden are directed towards such limitations (i.e., col. 23, lines 45-col. 24,line 
57, whereas the ' . . . supports single sign on . . . cookie is created for each user . . . ' which clearly 
is a cookie based on user information/variables and the transfer thereof, as broadly interpreted by 
the examiner would clearly encompass ' . . . single sign-on services based on said cookie ...'.). 

24. Claim 20 additionally recites the limitation that; "A method according to claim 18, 
further comprising the steps of: 
receiving a request to access a second resource at a second server, 

said request to access said first resource was received at a first server but not at 
said second server, 

said first authentication system does include said first server and does not include 
said second server, 

said step of receiving said request to access said second resource includes 
receiving contents of said cookie; and 

using said cookie at said second server to authorize access to said second resource 

without authenticating.". 
The teachings of Olden are directed towards such limitations (i.e., col. 23,lines 45-col. 24,line 
57, whereas the ' . . . supports single sign on . . . cookie is created for each user . . . eliminating the 
need . . . submit . . . password again' which clearly is a cookie based on user 
information/variables and the transfer thereof, and further, the inherent nature of cookie 
creation/transfer is such that the cookies have a basically one-to-one relationship between the 
server and client so associated. Still further, the IP routing nature of the Internet embodied (at the 
least) embodiment would route packets such that rejection of non-addressed packets would 
inherently occur, such that, as broadly interpreted by the examiner would clearly encompass 
' . . . using . . . information to create . . . cookie; . . . storage on a client . . . cookie to authorize access . . . 
(multiple server resources) ... without authenticating'.). 

Further, as per the claim 45 additionally recited limitation, this claim is the embodied 
method software for the method claims 18,20 above, and is rejected for the same reasons 
provided for the claims 18,20 rejection. 

25. As per claim 21; "A method for providing access to resources [Abstract, figures 1-33 and 
accompanying descriptions], comprising the steps of: 

acquiring user identification information from an authentication system, 

said user identification information is associated with a request from a first user to 
access a first resource, 

said step of acquiring is performed by an authorization system, 

said authorization system is separate from said authentication system 
[figures 1-5 and accompanying descriptions, whereas the authorization 
component, entitlement server component, administrative client/resource 
consumer (at the user, group, and realm level insofar as user identification 
information would be concerned), and enabled web server, as broadly interpreted 
by the examiner correspond respectively, to the applicant's authorization system, 
first authentication system, user identification information (source thereof), and 
accessible resources.]; 
relying on said authentication system for authenticating said first user; 
using said user identification information to create information for a cookie; 
causing said cookie to be transmitted for storage on a client associated with said request 
to access said first resource [i.e., col. 23,lines 45-col. 24,line 57, whereas the ' . . . cookie is 
created for each user . . . ' which clearly is a cookie based on user information/variables and the 
transfer thereof, as broadly interpreted by the examiner would clearly encompass ' . . . using . . . 
information to create . . . cookie; . . . storage on a client ...'.]; and 

performing, at said authorization system, authorization services for said request to access 
said first resource [figures 1-33, and accompanying descriptions, whereas the actual 
authorization servicing functionality per se, as broadly interpreted by the examiner correspond, 
to the applicant's ' ... performing authorization services ...'.]; 

wherein said authorization services comprise determining whether said first user is 
authorized to access said first resource [figures 1-33, and accompanying descriptions, whereas 
the actual authorization servicing functionality per se, as broadly interpreted by the examiner 
correspond, to the applicant's claim limitation.]; and 

wherein authenticating said first user comprises verifying an identity of said first user 
[figures 1-5, and particularly figures 2,3, and accompanying descriptions, whereas the 
entitlement creation/assignment in the access rights, user/group/realm information (i.e., the 
database referencing aspects thereof) pertaining to user ID, name, address, password, ACL 
analog, etc., aspects, as broadly interpreted by the examiner correspond, to the applicant's claim 
limitation.]". 

Further, as per claim 50, this claim is the embodied method software for the method 
claim 21 above, and is rejected for the same reasons provided for the claim 21 rejection. 

26. Claim 22 additionally recites the limitation that; "A method according to claim 21, 
wherein: 

said authorization system is part of an access system that protects a plurality of resources, 
said access system provides for use of one or more internal authentication systems 

and 

said access system provides for reliance on one or more external authentication 
systems, 

said one or more external authentication systems include said first 
authentication system.". 
The teachings of Olden are directed towards such limitations (i.e., col. 3, lines 24-col. 4,line 45, 
col. 6,lines 36-62, col. 9,lines 63-col. 11,line 54, col. 19,lines 43-col. 20,line 57, whereas the 
'plurality of authorization servers ... at least one authorization dispatcher . . . communicate with 
the entitlements server component ...' which clearly encompasses plural 
authentication/authorization/access to resources aspects, insofar as the inherent robust nature of 
the network architecture, inclusive of the intranet (i.e., internal server aspects) and Internet web 
(i.e., external server aspects) as broadly interpreted by the examiner would clearly encompass ' 
. . . authorization system . . . access system that protects a plurality of resources, . . . internal 
authentication systems . . . reliance . . . external authentication systems, . . . first authentication 
system ...'.). 

Further, as per the claim 51 additionally recited limitation, this claim is the embodied 
method software for the method claim 22 above, and is rejected for the same reasons provided 
for the claim 22 rejection. 

27. Claim 23 additionally recites the limitation that; "A method according to claim 21, 
further comprising the step of: 

performing single sign-on services based on said cookie.". 
The teachings of Olden are directed towards such limitations (i.e., col. 23,lines 45-col. 24,line 
57, whereas the ' . . . supports single sign on . . . cookie is created for each user . . . eliminating the 
need . . . submit . . . password again' which clearly is a cookie based on user 
information/variables and the transfer thereof, as broadly interpreted by the examiner would 
clearly encompass ' ... single sign-on services based on said cookie ...'.). 

Further, as per the claim 52 additionally recited limitation, this claim is the embodied 
method software for the method claim 23 above, and is rejected for the same reasons provided 
for the claim 23 rejection. 

28. Claim 24 additionally recites the limitation that; "A method according to claim 21, 
further comprising the steps of: 

receiving a request to access a second resource, 

said request to access said second resource includes contents of said cookie; and 
using said cookie to authorize access to said second resource without authenticating ". 
The teachings of Olden are directed towards such limitations (i.e., col. 23, lines 45-col. 24, line 
57, whereas the ' . . . supports single sign on . . . cookie is created for each user . . . eliminating the 
need . . . submit . . . password again' which clearly is a cookie based on user 
information/variables and the transfer thereof, as broadly interpreted by the examiner would 
clearly encompass ' . . . using . . . information to create . . . cookie; . . . storage on a client . . . cookie 
to authorize access . . . without authenticating'.). 

Further, as per the claim 53 additionally recited limitation, this claim is the embodied 
method software for the method claim 24 above, and is rejected for the same reasons provided 
for the claim 24 rejection. 

29. Claim 25 additionally recites the limitation that; "A method according to claim 21, 
further comprising the steps of: 

receiving a request to access a second resource at a second server, 

said request to access said first resource was received at a first server but not at 

said second server, 

said first authentication system does include said first server and does not include 
said second server, 

said step of receiving said request to access said second resource includes 
receiving contents of said cookie; and 

using said cookie at said second server to authorize access to said second resource 
without authenticating.". 
The teachings of Olden are directed towards such limitations (i.e., col. 23, lines 45-col. 24, line 
57, whereas the ' . . . supports single sign on . . . cookie is created for each user . . . eliminating the 
need . . . submit . . . password again' which clearly is a cookie based on user 
information/variables and the transfer thereof, and further, the inherent nature of cookie 
creation/transfer is such that the cookies have a basically one-to-one relationship between the 
server and client so associated. Still further, the IP routing nature of the Internet embodied (at the 
least) embodiment would route packets such that rejection of non-addressed packets would 
inherently occur, such that, as broadly interpreted by the examiner would clearly encompass ' . . . 
using . . . information to create . . . cookie; . . . storage on a client . . . cookie to authorize access . . . 
(multiple server resources) . . . without authenticating'.). 

Further, as per the claim 54 additionally recited limitation, this claim is the embodied 
method software for the method claim 25 above, and is rejected for the same reasons provided 
for the claim 25 rejection. 

Allowable Subject Matter 

30. Claims 26-31,38-41,46-49,55-60,62,63,65 allowed over prior art. 

Response to Amendment 

31. As per applicant's argument concerning the lack of teaching by Olden of a "separate" 
network system configuration aspects, the examiner has fully considered in this response to 
amendment; the arguments, and finds them still not to be persuasive, as per the previous office 
action arguments response. 

32. As per applicant's argument concerning the lack of teaching by Olden of an "external " 
network system configuration aspects, the examiner has fully considered in this response to 
amendment; the arguments, and finds them to be persuasive. The claims 26-31,38-41,46-49,55- 
60,62,63,65, whereas the reference is to "external" network system configuration are allowed 
over prior art. 

Conclusion 

33. Any inquiry concerning this communication or earlier communications from examiner 
should be directed to Ronald Baum, whose telephone number is (571) 272-3861, and whose 
unofficial Fax number is (571) 273-3861 and unofficial email is Ronald.baum@uspto.gov. The 
examiner can normally be reached Monday through Thursday from 8:00 AM to 5:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh, can be reached at (571) 272-3795. The Fax number for the organization 
where this application is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for 
unpublished applications is available through Private PAIR only. For more information about the 
PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 


Ronald Baum 
Patent Examiner 